Having Intrusion Detection System Despite Having Anti Virus and Firewall

Fajar Purnama
4 min readFeb 1, 2021

My comment on why need an intrusion detection system (IDS) is to prevent intruders from the system. I agree on using IDS, with the more famous, larger, and more important of a corporation’s or institution’s network, the more IDS is needed. As we enjoy the advance in information communication technology the threat level rises as well. We are no longer on the level of just using the technology but we must now include the security aspect as well. Different from the past our reliance to using the network is high. Almost everyone today store, seek, and exchange informations on The Internet. For us regular users is already a hindrance if we can’t use the service, and a stab on the chest if we lose our data. For big companies it’s a loss in profit, loss in trust, ultimately could result in destruction of the company. For example when a company makes a deal of $100.000 with the vendor via online, but an abnormality network exist whether infected by a malware, or someone exploits the vulnerability and adds an extra “zero” on the value from $100.000 to $1.000.000. That will result a great loss for the company. This is the fifth assignment from my Masters Advanced Network Security Course which has never been published anywhere and I, as the author and copyright holder, license this assignment customized CC-BY-SA where anyone can share, copy, republish, and sell on condition to state my name as the author and notify that the original and open version available here.

Today there are many security issues on the network. It’s already been 16 years since the Melissa worm epidemic on 1999. Surely threat and security since had greatly advance. For individuals with their personal computer (PC) it’s common for them to have anti virus (AV) software to defend themselves against virus’ and other malwares. For network administrators firewall is an essential to be configured on the network. Even so there are still missing pieces in AV and firewall. AV scans files, scripts that contains certain pattern of a virus and quarantine it. Firewall configures the authorizations of who can access the network. Then even for a beginner like that have Metasploit could exploit the vulnerability on MS08–067 of late Windows XP if I were in the network. Pure AV will not detect this event because I’m not using a virus to infect a file. A…

Fajar Purnama

this blog contains all my articles licensed under creative commons attribution customized sharealike (cc-by-sa) where you can sell but mention the open one here